ArcEnterprise User Role with JS API Editor Widget

136
5
05-18-2022 12:40 PM
JustinKirtz1
New Contributor II

I'm working on an application that allows users to add a polygon to a feature service on our internal ArcGIS Server REST endpoint to report a water main break. It uses 'apply Edits'. If I want to allow everyone in our ArcEnterprise directory to report a water main break in this way do they have to have a Creator/Editor user role? We have a few hundred people in our organization so if we have to buy upgraded licenses for each person just to add a water main break polygon it wouldn't be financially feasible for us to swing it so the development time might not even be worth it.

0 Kudos
5 Replies
JeffreyWilkerson
Occasional Contributor II

I have built an application using ArcGIS Javascript 4.X technology that resides on our servers and accesses data in ArcGIS Online. That data is shared to the Enterprise only and I'm using Field Worker licenses to provide access. We anticipate less than 20 licenses needed and already have that so having enough licensing is not an issue for this application.  And it's nice to be able to (easily) track who's editing data.

If you are looking to just have an interface that allows a user to edit data across the enterprise, then you should probably look at using the OAuth2 way of building an application and accessing information (https://developers.arcgis.com/documentation/mapping-apis-and-services/security/application-credentia... ).  For each user you would use the OAuth2 method to generate a short-lived token that could then be used in the REST call to add/update/delete data. You would still have to manage who could access this application, or maybe just limit access by using an internal server for the app.  

Some ideas:

https://developers.arcgis.com/javascript/latest/sample-code/identity-oauth-basic/

https://developers.arcgis.com/net/forms/sample-code/authenticate-with-oauth/

https://developers.arcgis.com/javascript/3/jssamples/portal_oauth_inline.html

https://developers.arcgis.com/net/uwp/sample-code/authenticate-with-oauth/

https://community.esri.com/t5/arcgis-api-for-javascript-questions/access-private-map-in-website-with...

 

0 Kudos
JustinKirtz1
New Contributor II

Thank you for the reply and information. Does this mean that if I use OAuth then it doesn't matter what user role the end-user has and they can submit edits? 

0 Kudos
JeffreyWilkerson
Occasional Contributor II

Yes, I believe you are looking for using the Application Credentials through OAuth2 (https://developers.arcgis.com/documentation/mapping-apis-and-services/security/application-credentia...). You will need a Developers license (https://developers.arcgis.com/sign-up/) to create the ClientID and Client Secret by establishing a new application, then you can use those to generate a token.  For a quick test, if you have a tool like Postman (https://www.postman.com/) you can generate a POST call to the server to test getting the token, then try to access the REST endpoint for the data using this token. 

Here's an example of jQuery code generated by Postman to generate a token from a client ID/Secret:

var form = new FormData();
var settings = {
  "url": "https://www.arcgis.com/sharing/rest/oauth2/token?client_id=xxxxxxxx&client_secret=xxxxxxxxxxxxxxxx&grant_type=client_credentials",
  "method": "POST",
  "timeout": 0,
  "processData": false,
  "mimeType": "multipart/form-data",
  "contentType": false,
  "data": form
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
0 Kudos
JustinKirtz1
New Contributor II

Thank you for the help, I'll look into this!

0 Kudos
JeffreyWilkerson
Occasional Contributor II

With an Online license I think you can generate the Client ID/Secret for test purposes.  Postman has a free version as well.  Then if you generated a JSON for modification to an existing record for a ArcGIS Online layer you could use Postman to get the Token, and then use it to POST to the REST applyEdits ().  You could test this by running it as yourself, logged in as just a Viewer, or even through an InCognito (Chrome) or InPrivate (Edge) window. Just for a proof of concept and to see how it operates.

https://developers.arcgis.com/rest/services-reference/enterprise/apply-edits-feature-service-layer-....